In some restricted server scenarios, it is not possible to enumerate the Windows machine certificate store. A PermissionError is raised and the operation aborted. Instead, we should simply return no certificates from _load_windows_store_certs. This will most likely cause the SSL request to fail (as the certificate cannot be verified), but it allows the use of SSL_CERT_FILE to use certificates from a local file. Without handling the PermissionError, it doesn't matter whether the environment variable is set or not - we simply fail every time.
Added a patch against 3.5 that handles PermissionError and warns about the failure. I think this should be applied against 2.7, 3.5 and 3.6, and that it's unfortunately untestable (without adding extra API to force it to fail). Any concerns?
One slight change to the patch for 2.7 - has to catch OSError. Just realised that I forgot to mention the reason we shouldn't just let the exception propagate out is that we then never load certificates specified by the SSL_CERT_FILE variable. Handling the exception allows a workaround. If the exception occurs and no other certificates have been provided, it seems certain that a later operation is going to fail with a much more useful message (i.e. unverifiable connection, or whatever it says). There are also libraries (I think urllib is the one that was causing me actual trouble) that keep retrying the call when it fails, and all of those would need to be updated to handle this error. The docs don't specify potential exceptions, so I see only good by not raising an exception here.
History
Date
User
Action
Args
2022-04-11 14:58:31
admin
set
github: 71301
2016-05-26 19:28:09
steve.dower
set
status: open -> closedresolution: fixedstage: commit review -> resolved
